diff --git a/Makefile b/Makefile index ebad195d2c..07974a426b 100644 --- a/Makefile +++ b/Makefile @@ -21,11 +21,12 @@ SHELL := /usr/bin/env bash DOCKER_TAG_VERSION_DEVELOPER_TOOLS := 1.0 DOCKER_IMAGE_DEVELOPER_TOOLS := cft/developer-tools REGISTRY_URL := gcr.io/cloud-foundation-cicd +DOCKER_BIN ?= docker # Enter docker container for local development .PHONY: docker_run docker_run: - docker run --rm -it \ + $(DOCKER_BIN) run --rm -it \ -e SERVICE_ACCOUNT_JSON \ -v "$(CURDIR)":/workspace \ $(REGISTRY_URL)/${DOCKER_IMAGE_DEVELOPER_TOOLS}:${DOCKER_TAG_VERSION_DEVELOPER_TOOLS} \ @@ -34,7 +35,7 @@ docker_run: # Execute prepare tests within the docker container .PHONY: docker_test_prepare docker_test_prepare: - docker run --rm -it \ + $(DOCKER_BIN) run --rm -it \ -e SERVICE_ACCOUNT_JSON \ -e TF_VAR_org_id \ -e TF_VAR_folder_id \ @@ -46,7 +47,7 @@ docker_test_prepare: # Clean up test environment within the docker container .PHONY: docker_test_cleanup docker_test_cleanup: - docker run --rm -it \ + $(DOCKER_BIN) run --rm -it \ -e SERVICE_ACCOUNT_JSON \ -e TF_VAR_org_id \ -e TF_VAR_folder_id \ @@ -58,7 +59,7 @@ docker_test_cleanup: # Execute integration tests within the docker container .PHONY: docker_test_integration docker_test_integration: - docker run --rm -it \ + $(DOCKER_BIN) run --rm -it \ -e SERVICE_ACCOUNT_JSON \ -v "$(CURDIR)":/workspace \ $(REGISTRY_URL)/${DOCKER_IMAGE_DEVELOPER_TOOLS}:${DOCKER_TAG_VERSION_DEVELOPER_TOOLS} \ @@ -67,7 +68,7 @@ docker_test_integration: # Execute lint tests within the docker container .PHONY: docker_test_lint docker_test_lint: - docker run --rm -it \ + $(DOCKER_BIN) run --rm -it \ -e ENABLE_PARALLEL=1 \ -v "$(CURDIR)":/workspace \ $(REGISTRY_URL)/${DOCKER_IMAGE_DEVELOPER_TOOLS}:${DOCKER_TAG_VERSION_DEVELOPER_TOOLS} \ 
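Review bot: `DOCKER_BIN ?= docker` is added without a comment, and since `?=` only assigns when the name is not already set, a same-named environment or command-line variable silently replaces the binary every docker_* recipe runs; a one-line comment above it such as `# Container CLI used by the docker_* targets; override with DOCKER_BIN=<your-cli>` would make the override visible to readers of the recipes. The same `$(DOCKER_BIN) run --rm -it` prefix is now repeated in all seven recipes (this hunk and the docker_test_prepare, docker_test_cleanup, docker_test_integration, docker_test_lint, docker_generate_docs and docker_generate_modules hunks); a single `DOCKER_RUN := $(DOCKER_BIN) run --rm -it` placed after the assignment would keep the invocation in one place. The rest of each recipe (volume mount, image reference, command) is unchanged and the `-it` flags predate this commit.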
@@ -76,7 +77,7 @@ docker_test_lint: # Generate documentation .PHONY: docker_generate_docs docker_generate_docs: - docker run --rm -it \ + $(DOCKER_BIN) run --rm -it \ -v "$(CURDIR)":/workspace \ $(REGISTRY_URL)/${DOCKER_IMAGE_DEVELOPER_TOOLS}:${DOCKER_TAG_VERSION_DEVELOPER_TOOLS} \ /bin/bash -c 'source /usr/local/bin/task_helper_functions.sh && generate_docs' @@ -84,7 +85,7 @@ docker_generate_docs: # Generate files from autogen .PHONY: docker_generate_modules docker_generate_modules: - docker run --rm -it \ + $(DOCKER_BIN) run --rm -it \ -v "$(CURDIR)":/workspace \ $(REGISTRY_URL)/${DOCKER_IMAGE_DEVELOPER_TOOLS}:${DOCKER_TAG_VERSION_DEVELOPER_TOOLS} \ /bin/bash -c 'source /usr/local/bin/task_helper_functions.sh && generate_modules' diff --git a/autogen/main/cluster.tf.tmpl b/autogen/main/cluster.tf.tmpl index e34ee2c6fc..3bde1907b7 100644 --- a/autogen/main/cluster.tf.tmpl +++ b/autogen/main/cluster.tf.tmpl @@ -78,7 +78,22 @@ resource "google_container_cluster" "primary" { } } logging_service = local.cluster_telemetry_type_is_set ? null : var.logging_service + dynamic "logging_config" { + for_each = length(var.logging_enabled_components) > 0 ? [1] : [] + + content { + enable_components = var.logging_enabled_components + } + } + monitoring_service = local.cluster_telemetry_type_is_set ? null : var.monitoring_service + dynamic "monitoring_config" { + for_each = length(var.monitoring_enabled_components) > 0 ? [1] : [] + + content { + enable_components = var.monitoring_enabled_components + } + } {% else %} logging_service = var.logging_service monitoring_service = var.monitoring_service diff --git a/autogen/main/variables.tf.tmpl b/autogen/main/variables.tf.tmpl index 84aa6c62c4..ea8e1fe01b 100644 --- a/autogen/main/variables.tf.tmpl +++ b/autogen/main/variables.tf.tmpl 
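Review bot: The new `dynamic "logging_config"` and `dynamic "monitoring_config"` blocks in cluster.tf.tmpl are emitted whenever the component lists are non-empty, but nothing ties them to the existing `logging_service`/`monitoring_service` handling just above, which is nulled only when `local.cluster_telemetry_type_is_set`; a cluster with `cluster_telemetry_type` set and a non-empty `logging_enabled_components` would send both `cluster_telemetry` and `logging_config`, and I cannot confirm from this hunk that the API accepts that combination. Either gate the block on the same local, `for_each = !local.cluster_telemetry_type_is_set && length(var.logging_enabled_components) > 0 ? [1] : []` (and likewise for monitoring), or state the precedence in the variable descriptions. A short comment on each `for_each` line, `# empty list omits the block so GKE keeps its default components`, would explain the `[1] : []` idiom. The same block is repeated verbatim in the four generated module cluster.tf hunks (beta-private-cluster-update-variant, beta-private-cluster, beta-public-cluster-update-variant, beta-public-cluster), so any fix belongs in the template and a regeneration.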
@@ -348,12 +348,28 @@ variable "logging_service" { default = "logging.googleapis.com/kubernetes" } +{% if beta_cluster %} +variable "logging_enabled_components" { + type = list(string) + description = "List of services to monitor: SYSTEM_COMPONENTS, WORKLOADS. Empty list is default GKE configuration." + default = [] +} + +{% endif %} variable "monitoring_service" { type = string description = "The monitoring service that the cluster should write metrics to. Automatically send metrics from pods in the cluster to the Google Cloud Monitoring API. VM metrics will be collected by Google Compute Engine regardless of this setting Available options include monitoring.googleapis.com, monitoring.googleapis.com/kubernetes (beta) and none" default = "monitoring.googleapis.com/kubernetes" } +{% if beta_cluster %} +variable "monitoring_enabled_components" { + type = list(string) + description = "List of services to monitor: SYSTEM_COMPONENTS, WORKLOADS (provider version >= 3.89.0). Empty list is default GKE configuration." + default = [] +} + +{% endif %} variable "create_service_account" { type = bool description = "Defines if service account specified to run nodes should be created." diff --git a/autogen/main/versions.tf.tmpl b/autogen/main/versions.tf.tmpl index b83b06ba3e..adfc8e5745 100644 --- a/autogen/main/versions.tf.tmpl +++ b/autogen/main/versions.tf.tmpl @@ -24,7 +24,7 @@ terraform { required_providers { google-beta = { source = "hashicorp/google-beta" - version = ">= 3.79.0, <4.0.0" + version = ">= 3.87.0, <4.0.0" } kubernetes = { source = "hashicorp/kubernetes" diff --git a/examples/node_pool_update_variant_beta/main.tf b/examples/node_pool_update_variant_beta/main.tf index e292fab994..b282aa608e 100644 --- a/examples/node_pool_update_variant_beta/main.tf +++ b/examples/node_pool_update_variant_beta/main.tf 
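Review bot: The description of `logging_enabled_components` reads "List of services to monitor", copied from the monitoring variable, and misdescribes a logging setting; suggest `description = "List of GKE components whose logs are collected: SYSTEM_COMPONENTS, WORKLOADS. Empty list is default GKE configuration."`. The `monitoring_enabled_components` description says WORKLOADS requires provider version >= 3.89.0, yet the versions.tf.tmpl hunk in this same commit only raises the google-beta floor to `>= 3.87.0` and the examples pin `~> 3.87.0`, so a user on 3.87 or 3.88 who passes WORKLOADS would presumably hit a provider-side validation error at plan time with no hint from the module; either raise the floor to `>= 3.89.0` in versions.tf.tmpl or say in the description that the module's minimum provider version does not cover that value. The generated module variables.tf and README hunks repeat the same text, so fix the template and regenerate rather than editing them individually.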
@@ -19,7 +19,7 @@ locals { } provider "google-beta" { - version = "~> 3.79.0" + version = "~> 3.87.0" credentials = file(var.credentials_path) region = var.region } diff --git a/examples/node_pool_update_variant_public_beta/main.tf b/examples/node_pool_update_variant_public_beta/main.tf index 4dedb77761..10e9c084ef 100644 --- a/examples/node_pool_update_variant_public_beta/main.tf +++ b/examples/node_pool_update_variant_public_beta/main.tf @@ -19,7 +19,7 @@ locals { } provider "google-beta" { - version = "~> 3.79.0" + version = "~> 3.87.0" credentials = file(var.credentials_path) region = var.region } diff --git a/examples/regional_private_node_pool_oauth_scopes/provider.tf b/examples/regional_private_node_pool_oauth_scopes/provider.tf index e5b9d47320..28e2d75ab1 100644 --- a/examples/regional_private_node_pool_oauth_scopes/provider.tf +++ b/examples/regional_private_node_pool_oauth_scopes/provider.tf @@ -19,7 +19,7 @@ provider "google" { } provider "google-beta" { - version = "~> 3.79.0" + version = "~> 3.87.0" } data "google_client_config" "default" {} diff --git a/examples/safer_cluster/main.tf b/examples/safer_cluster/main.tf index f9eae04450..84b94d79e6 100644 --- a/examples/safer_cluster/main.tf +++ b/examples/safer_cluster/main.tf @@ -35,7 +35,7 @@ provider "google" { } provider "google-beta" { - version = "~> 3.79.0" + version = "~> 3.87.0" } data "google_client_config" "default" {} diff --git a/examples/safer_cluster_iap_bastion/provider.tf b/examples/safer_cluster_iap_bastion/provider.tf index cd56d735b7..ca882e5f56 100644 --- a/examples/safer_cluster_iap_bastion/provider.tf +++ b/examples/safer_cluster_iap_bastion/provider.tf @@ -19,7 +19,7 @@ provider "google" { } provider "google-beta" { - version = "~> 3.79.0" + version = "~> 3.87.0" } data "google_client_config" "default" {} diff --git a/examples/simple_regional_beta/main.tf b/examples/simple_regional_beta/main.tf index 9bb78ddd7f..12ec938e7f 100644 --- a/examples/simple_regional_beta/main.tf 
+++ b/examples/simple_regional_beta/main.tf @@ -19,7 +19,7 @@ locals { } provider "google-beta" { - version = "~> 3.79.0" + version = "~> 3.87.0" region = var.region } diff --git a/examples/simple_regional_private_beta/main.tf b/examples/simple_regional_private_beta/main.tf index 13dd7655e1..0c7d6885f6 100644 --- a/examples/simple_regional_private_beta/main.tf +++ b/examples/simple_regional_private_beta/main.tf @@ -24,7 +24,7 @@ provider "google" { } provider "google-beta" { - version = "~> 3.79.0" + version = "~> 3.87.0" region = var.region } diff --git a/examples/simple_zonal_with_asm/main.tf b/examples/simple_zonal_with_asm/main.tf index bffde7f7c2..d8a5f9a818 100644 --- a/examples/simple_zonal_with_asm/main.tf +++ b/examples/simple_zonal_with_asm/main.tf @@ -19,7 +19,7 @@ locals { } provider "google-beta" { - version = "~> 3.79.0" + version = "~> 3.87.0" region = var.region } diff --git a/examples/workload_metadata_config/main.tf b/examples/workload_metadata_config/main.tf index 7ae00e7798..b146e30c33 100644 --- a/examples/workload_metadata_config/main.tf +++ b/examples/workload_metadata_config/main.tf @@ -19,7 +19,7 @@ locals { } provider "google-beta" { - version = "~> 3.79.0" + version = "~> 3.87.0" region = var.region } diff --git a/modules/beta-private-cluster-update-variant/README.md b/modules/beta-private-cluster-update-variant/README.md index 0916532bce..a932b2e70a 100644 --- a/modules/beta-private-cluster-update-variant/README.md +++ b/modules/beta-private-cluster-update-variant/README.md 
@@ -211,6 +211,7 @@ Then perform the following commands on the root folder: | istio\_auth | (Beta) The authentication type between services in Istio. | `string` | `"AUTH_MUTUAL_TLS"` | no | | kalm\_config | (Beta) Whether KALM is enabled for this cluster. | `bool` | `false` | no | | kubernetes\_version | The Kubernetes version of the masters. If set to 'latest' it will pull latest available version in the selected region. | `string` | `"latest"` | no | +| logging\_enabled\_components | List of services to monitor: SYSTEM\_COMPONENTS, WORKLOADS. Empty list is default GKE configuration. | `list(string)` | `[]` | no | | logging\_service | The logging service that the cluster should write logs to. Available options include logging.googleapis.com, logging.googleapis.com/kubernetes (beta), and none | `string` | `"logging.googleapis.com/kubernetes"` | no | | maintenance\_end\_time | Time window specified for recurring maintenance operations in RFC3339 format | `string` | `""` | no | | maintenance\_exclusions | List of maintenance exclusions. A cluster can have up to three | `list(object({ name = string, start_time = string, end_time = string }))` | `[]` | no | 
@@ -219,6 +220,7 @@ Then perform the following commands on the root folder: | master\_authorized\_networks | List of master authorized networks. If none are provided, disallow external access (except the cluster node IPs, which GKE automatically whitelists). | `list(object({ cidr_block = string, display_name = string }))` | `[]` | no | | master\_global\_access\_enabled | (Beta) Whether the cluster master is accessible globally (from any region) or only within the same region as the private endpoint. | `bool` | `true` | no | | master\_ipv4\_cidr\_block | (Beta) The IP range in CIDR notation to use for the hosted master network | `string` | `"10.0.0.0/28"` | no | +| monitoring\_enabled\_components | List of services to monitor: SYSTEM\_COMPONENTS, WORKLOADS (provider version >= 3.89.0). Empty list is default GKE configuration. | `list(string)` | `[]` | no | | monitoring\_service | The monitoring service that the cluster should write metrics to. Automatically send metrics from pods in the cluster to the Google Cloud Monitoring API. VM metrics will be collected by Google Compute Engine regardless of this setting Available options include monitoring.googleapis.com, monitoring.googleapis.com/kubernetes (beta) and none | `string` | `"monitoring.googleapis.com/kubernetes"` | no | | name | The name of the cluster (required) | `string` | n/a | yes | | network | The VPC network to host the cluster in (required) | `string` | n/a | yes | diff --git a/modules/beta-private-cluster-update-variant/cluster.tf b/modules/beta-private-cluster-update-variant/cluster.tf index 72a05e34de..6191fbd0f2 100644 --- a/modules/beta-private-cluster-update-variant/cluster.tf +++ b/modules/beta-private-cluster-update-variant/cluster.tf 
@@ -68,8 +68,23 @@ resource "google_container_cluster" "primary" { type = var.cluster_telemetry_type } } - logging_service = local.cluster_telemetry_type_is_set ? null : var.logging_service + logging_service = local.cluster_telemetry_type_is_set ? null : var.logging_service + dynamic "logging_config" { + for_each = length(var.logging_enabled_components) > 0 ? [1] : [] + + content { + enable_components = var.logging_enabled_components + } + } + monitoring_service = local.cluster_telemetry_type_is_set ? null : var.monitoring_service + dynamic "monitoring_config" { + for_each = length(var.monitoring_enabled_components) > 0 ? [1] : [] + + content { + enable_components = var.monitoring_enabled_components + } + } cluster_autoscaling { enabled = var.cluster_autoscaling.enabled diff --git a/modules/beta-private-cluster-update-variant/variables.tf b/modules/beta-private-cluster-update-variant/variables.tf index 88f8b9bf62..f25adcccf7 100644 --- a/modules/beta-private-cluster-update-variant/variables.tf +++ b/modules/beta-private-cluster-update-variant/variables.tf 
@@ -336,12 +336,24 @@ variable "logging_service" { default = "logging.googleapis.com/kubernetes" } +variable "logging_enabled_components" { + type = list(string) + description = "List of services to monitor: SYSTEM_COMPONENTS, WORKLOADS. Empty list is default GKE configuration." + default = [] +} + variable "monitoring_service" { type = string description = "The monitoring service that the cluster should write metrics to. Automatically send metrics from pods in the cluster to the Google Cloud Monitoring API. VM metrics will be collected by Google Compute Engine regardless of this setting Available options include monitoring.googleapis.com, monitoring.googleapis.com/kubernetes (beta) and none" default = "monitoring.googleapis.com/kubernetes" } +variable "monitoring_enabled_components" { + type = list(string) + description = "List of services to monitor: SYSTEM_COMPONENTS, WORKLOADS (provider version >= 3.89.0). Empty list is default GKE configuration." + default = [] +} + variable "create_service_account" { type = bool description = "Defines if service account specified to run nodes should be created." diff --git a/modules/beta-private-cluster-update-variant/versions.tf b/modules/beta-private-cluster-update-variant/versions.tf index e21a5a1605..ce467385c8 100644 --- a/modules/beta-private-cluster-update-variant/versions.tf +++ b/modules/beta-private-cluster-update-variant/versions.tf @@ -21,7 +21,7 @@ terraform { required_providers { google-beta = { source = "hashicorp/google-beta" - version = ">= 3.79.0, <4.0.0" + version = ">= 3.87.0, <4.0.0" } kubernetes = { source = "hashicorp/kubernetes" diff --git a/modules/beta-private-cluster/README.md b/modules/beta-private-cluster/README.md index 206fb379e1..bdec3ab7c7 100644 --- a/modules/beta-private-cluster/README.md +++ b/modules/beta-private-cluster/README.md 
@@ -189,6 +189,7 @@ Then perform the following commands on the root folder: | istio\_auth | (Beta) The authentication type between services in Istio. | `string` | `"AUTH_MUTUAL_TLS"` | no | | kalm\_config | (Beta) Whether KALM is enabled for this cluster. | `bool` | `false` | no | | kubernetes\_version | The Kubernetes version of the masters. If set to 'latest' it will pull latest available version in the selected region. | `string` | `"latest"` | no | +| logging\_enabled\_components | List of services to monitor: SYSTEM\_COMPONENTS, WORKLOADS. Empty list is default GKE configuration. | `list(string)` | `[]` | no | | logging\_service | The logging service that the cluster should write logs to. Available options include logging.googleapis.com, logging.googleapis.com/kubernetes (beta), and none | `string` | `"logging.googleapis.com/kubernetes"` | no | | maintenance\_end\_time | Time window specified for recurring maintenance operations in RFC3339 format | `string` | `""` | no | | maintenance\_exclusions | List of maintenance exclusions. A cluster can have up to three | `list(object({ name = string, start_time = string, end_time = string }))` | `[]` | no | 
@@ -197,6 +198,7 @@ Then perform the following commands on the root folder: | master\_authorized\_networks | List of master authorized networks. If none are provided, disallow external access (except the cluster node IPs, which GKE automatically whitelists). | `list(object({ cidr_block = string, display_name = string }))` | `[]` | no | | master\_global\_access\_enabled | (Beta) Whether the cluster master is accessible globally (from any region) or only within the same region as the private endpoint. | `bool` | `true` | no | | master\_ipv4\_cidr\_block | (Beta) The IP range in CIDR notation to use for the hosted master network | `string` | `"10.0.0.0/28"` | no | +| monitoring\_enabled\_components | List of services to monitor: SYSTEM\_COMPONENTS, WORKLOADS (provider version >= 3.89.0). Empty list is default GKE configuration. | `list(string)` | `[]` | no | | monitoring\_service | The monitoring service that the cluster should write metrics to. Automatically send metrics from pods in the cluster to the Google Cloud Monitoring API. VM metrics will be collected by Google Compute Engine regardless of this setting Available options include monitoring.googleapis.com, monitoring.googleapis.com/kubernetes (beta) and none | `string` | `"monitoring.googleapis.com/kubernetes"` | no | | name | The name of the cluster (required) | `string` | n/a | yes | | network | The VPC network to host the cluster in (required) | `string` | n/a | yes | diff --git a/modules/beta-private-cluster/cluster.tf b/modules/beta-private-cluster/cluster.tf index 3727f32ee1..c338707c99 100644 --- a/modules/beta-private-cluster/cluster.tf +++ b/modules/beta-private-cluster/cluster.tf 
@@ -68,8 +68,23 @@ resource "google_container_cluster" "primary" { type = var.cluster_telemetry_type } } - logging_service = local.cluster_telemetry_type_is_set ? null : var.logging_service + logging_service = local.cluster_telemetry_type_is_set ? null : var.logging_service + dynamic "logging_config" { + for_each = length(var.logging_enabled_components) > 0 ? [1] : [] + + content { + enable_components = var.logging_enabled_components + } + } + monitoring_service = local.cluster_telemetry_type_is_set ? null : var.monitoring_service + dynamic "monitoring_config" { + for_each = length(var.monitoring_enabled_components) > 0 ? [1] : [] + + content { + enable_components = var.monitoring_enabled_components + } + } cluster_autoscaling { enabled = var.cluster_autoscaling.enabled diff --git a/modules/beta-private-cluster/variables.tf b/modules/beta-private-cluster/variables.tf index 88f8b9bf62..f25adcccf7 100644 --- a/modules/beta-private-cluster/variables.tf +++ b/modules/beta-private-cluster/variables.tf 
@@ -336,12 +336,24 @@ variable "logging_service" { default = "logging.googleapis.com/kubernetes" } +variable "logging_enabled_components" { + type = list(string) + description = "List of services to monitor: SYSTEM_COMPONENTS, WORKLOADS. Empty list is default GKE configuration." + default = [] +} + variable "monitoring_service" { type = string description = "The monitoring service that the cluster should write metrics to. Automatically send metrics from pods in the cluster to the Google Cloud Monitoring API. VM metrics will be collected by Google Compute Engine regardless of this setting Available options include monitoring.googleapis.com, monitoring.googleapis.com/kubernetes (beta) and none" default = "monitoring.googleapis.com/kubernetes" } +variable "monitoring_enabled_components" { + type = list(string) + description = "List of services to monitor: SYSTEM_COMPONENTS, WORKLOADS (provider version >= 3.89.0). Empty list is default GKE configuration." + default = [] +} + variable "create_service_account" { type = bool description = "Defines if service account specified to run nodes should be created." diff --git a/modules/beta-private-cluster/versions.tf b/modules/beta-private-cluster/versions.tf index 248d0d08ff..079a070820 100644 --- a/modules/beta-private-cluster/versions.tf +++ b/modules/beta-private-cluster/versions.tf @@ -21,7 +21,7 @@ terraform { required_providers { google-beta = { source = "hashicorp/google-beta" - version = ">= 3.79.0, <4.0.0" + version = ">= 3.87.0, <4.0.0" } kubernetes = { source = "hashicorp/kubernetes" diff --git a/modules/beta-public-cluster-update-variant/README.md b/modules/beta-public-cluster-update-variant/README.md index 367be68aaf..a8ead250c5 100644 --- a/modules/beta-public-cluster-update-variant/README.md +++ b/modules/beta-public-cluster-update-variant/README.md 
@@ -202,12 +202,14 @@ Then perform the following commands on the root folder: | istio\_auth | (Beta) The authentication type between services in Istio. | `string` | `"AUTH_MUTUAL_TLS"` | no | | kalm\_config | (Beta) Whether KALM is enabled for this cluster. | `bool` | `false` | no | | kubernetes\_version | The Kubernetes version of the masters. If set to 'latest' it will pull latest available version in the selected region. | `string` | `"latest"` | no | +| logging\_enabled\_components | List of services to monitor: SYSTEM\_COMPONENTS, WORKLOADS. Empty list is default GKE configuration. | `list(string)` | `[]` | no | | logging\_service | The logging service that the cluster should write logs to. Available options include logging.googleapis.com, logging.googleapis.com/kubernetes (beta), and none | `string` | `"logging.googleapis.com/kubernetes"` | no | | maintenance\_end\_time | Time window specified for recurring maintenance operations in RFC3339 format | `string` | `""` | no | | maintenance\_exclusions | List of maintenance exclusions. A cluster can have up to three | `list(object({ name = string, start_time = string, end_time = string }))` | `[]` | no | | maintenance\_recurrence | Frequency of the recurring maintenance window in RFC5545 format. | `string` | `""` | no | | maintenance\_start\_time | Time window specified for daily or recurring maintenance operations in RFC3339 format | `string` | `"05:00"` | no | | master\_authorized\_networks | List of master authorized networks. If none are provided, disallow external access (except the cluster node IPs, which GKE automatically whitelists). | `list(object({ cidr_block = string, display_name = string }))` | `[]` | no | +| monitoring\_enabled\_components | List of services to monitor: SYSTEM\_COMPONENTS, WORKLOADS (provider version >= 3.89.0). Empty list is default GKE configuration. | `list(string)` | `[]` | no | | monitoring\_service | The monitoring service that the cluster should write metrics to. 
Automatically send metrics from pods in the cluster to the Google Cloud Monitoring API. VM metrics will be collected by Google Compute Engine regardless of this setting Available options include monitoring.googleapis.com, monitoring.googleapis.com/kubernetes (beta) and none | `string` | `"monitoring.googleapis.com/kubernetes"` | no | | name | The name of the cluster (required) | `string` | n/a | yes | | network | The VPC network to host the cluster in (required) | `string` | n/a | yes | diff --git a/modules/beta-public-cluster-update-variant/cluster.tf b/modules/beta-public-cluster-update-variant/cluster.tf index 1a9ded382c..8a51523aef 100644 --- a/modules/beta-public-cluster-update-variant/cluster.tf +++ b/modules/beta-public-cluster-update-variant/cluster.tf @@ -68,8 +68,23 @@ resource "google_container_cluster" "primary" { type = var.cluster_telemetry_type } } - logging_service = local.cluster_telemetry_type_is_set ? null : var.logging_service + logging_service = local.cluster_telemetry_type_is_set ? null : var.logging_service + dynamic "logging_config" { + for_each = length(var.logging_enabled_components) > 0 ? [1] : [] + + content { + enable_components = var.logging_enabled_components + } + } + monitoring_service = local.cluster_telemetry_type_is_set ? null : var.monitoring_service + dynamic "monitoring_config" { + for_each = length(var.monitoring_enabled_components) > 0 ? [1] : [] + + content { + enable_components = var.monitoring_enabled_components + } + } cluster_autoscaling { enabled = var.cluster_autoscaling.enabled diff --git a/modules/beta-public-cluster-update-variant/variables.tf b/modules/beta-public-cluster-update-variant/variables.tf index 4bfbd6b78c..104d1dae7f 100644 --- a/modules/beta-public-cluster-update-variant/variables.tf +++ b/modules/beta-public-cluster-update-variant/variables.tf 
@@ -336,12 +336,24 @@ variable "logging_service" { default = "logging.googleapis.com/kubernetes" } +variable "logging_enabled_components" { + type = list(string) + description = "List of services to monitor: SYSTEM_COMPONENTS, WORKLOADS. Empty list is default GKE configuration." + default = [] +} + variable "monitoring_service" { type = string description = "The monitoring service that the cluster should write metrics to. Automatically send metrics from pods in the cluster to the Google Cloud Monitoring API. VM metrics will be collected by Google Compute Engine regardless of this setting Available options include monitoring.googleapis.com, monitoring.googleapis.com/kubernetes (beta) and none" default = "monitoring.googleapis.com/kubernetes" } +variable "monitoring_enabled_components" { + type = list(string) + description = "List of services to monitor: SYSTEM_COMPONENTS, WORKLOADS (provider version >= 3.89.0). Empty list is default GKE configuration." + default = [] +} + variable "create_service_account" { type = bool description = "Defines if service account specified to run nodes should be created." diff --git a/modules/beta-public-cluster-update-variant/versions.tf b/modules/beta-public-cluster-update-variant/versions.tf index 074f09545b..add0d45a72 100644 --- a/modules/beta-public-cluster-update-variant/versions.tf +++ b/modules/beta-public-cluster-update-variant/versions.tf @@ -21,7 +21,7 @@ terraform { required_providers { google-beta = { source = "hashicorp/google-beta" - version = ">= 3.79.0, <4.0.0" + version = ">= 3.87.0, <4.0.0" } kubernetes = { source = "hashicorp/kubernetes" diff --git a/modules/beta-public-cluster/README.md b/modules/beta-public-cluster/README.md index 6421c6eb9f..be7111e851 100644 --- a/modules/beta-public-cluster/README.md +++ b/modules/beta-public-cluster/README.md 
@@ -180,12 +180,14 @@ Then perform the following commands on the root folder: | istio\_auth | (Beta) The authentication type between services in Istio. | `string` | `"AUTH_MUTUAL_TLS"` | no | | kalm\_config | (Beta) Whether KALM is enabled for this cluster. | `bool` | `false` | no | | kubernetes\_version | The Kubernetes version of the masters. If set to 'latest' it will pull latest available version in the selected region. | `string` | `"latest"` | no | +| logging\_enabled\_components | List of services to monitor: SYSTEM\_COMPONENTS, WORKLOADS. Empty list is default GKE configuration. | `list(string)` | `[]` | no | | logging\_service | The logging service that the cluster should write logs to. Available options include logging.googleapis.com, logging.googleapis.com/kubernetes (beta), and none | `string` | `"logging.googleapis.com/kubernetes"` | no | | maintenance\_end\_time | Time window specified for recurring maintenance operations in RFC3339 format | `string` | `""` | no | | maintenance\_exclusions | List of maintenance exclusions. A cluster can have up to three | `list(object({ name = string, start_time = string, end_time = string }))` | `[]` | no | | maintenance\_recurrence | Frequency of the recurring maintenance window in RFC5545 format. | `string` | `""` | no | | maintenance\_start\_time | Time window specified for daily or recurring maintenance operations in RFC3339 format | `string` | `"05:00"` | no | | master\_authorized\_networks | List of master authorized networks. If none are provided, disallow external access (except the cluster node IPs, which GKE automatically whitelists). | `list(object({ cidr_block = string, display_name = string }))` | `[]` | no | +| monitoring\_enabled\_components | List of services to monitor: SYSTEM\_COMPONENTS, WORKLOADS (provider version >= 3.89.0). Empty list is default GKE configuration. | `list(string)` | `[]` | no | | monitoring\_service | The monitoring service that the cluster should write metrics to. 
Automatically send metrics from pods in the cluster to the Google Cloud Monitoring API. VM metrics will be collected by Google Compute Engine regardless of this setting Available options include monitoring.googleapis.com, monitoring.googleapis.com/kubernetes (beta) and none | `string` | `"monitoring.googleapis.com/kubernetes"` | no | | name | The name of the cluster (required) | `string` | n/a | yes | | network | The VPC network to host the cluster in (required) | `string` | n/a | yes | diff --git a/modules/beta-public-cluster/cluster.tf b/modules/beta-public-cluster/cluster.tf index 9fcbf10462..29af552bd8 100644 --- a/modules/beta-public-cluster/cluster.tf +++ b/modules/beta-public-cluster/cluster.tf @@ -68,8 +68,23 @@ resource "google_container_cluster" "primary" { type = var.cluster_telemetry_type } } - logging_service = local.cluster_telemetry_type_is_set ? null : var.logging_service + logging_service = local.cluster_telemetry_type_is_set ? null : var.logging_service + dynamic "logging_config" { + for_each = length(var.logging_enabled_components) > 0 ? [1] : [] + + content { + enable_components = var.logging_enabled_components + } + } + monitoring_service = local.cluster_telemetry_type_is_set ? null : var.monitoring_service + dynamic "monitoring_config" { + for_each = length(var.monitoring_enabled_components) > 0 ? [1] : [] + + content { + enable_components = var.monitoring_enabled_components + } + } cluster_autoscaling { enabled = var.cluster_autoscaling.enabled diff --git a/modules/beta-public-cluster/variables.tf b/modules/beta-public-cluster/variables.tf index 4bfbd6b78c..104d1dae7f 100644 --- a/modules/beta-public-cluster/variables.tf +++ b/modules/beta-public-cluster/variables.tf 
@@ -336,12 +336,24 @@ variable "logging_service" { default = "logging.googleapis.com/kubernetes" } +variable "logging_enabled_components" { + type = list(string) + description = "List of services to monitor: SYSTEM_COMPONENTS, WORKLOADS. Empty list is default GKE configuration." + default = [] +} + variable "monitoring_service" { type = string description = "The monitoring service that the cluster should write metrics to. Automatically send metrics from pods in the cluster to the Google Cloud Monitoring API. VM metrics will be collected by Google Compute Engine regardless of this setting Available options include monitoring.googleapis.com, monitoring.googleapis.com/kubernetes (beta) and none" default = "monitoring.googleapis.com/kubernetes" } +variable "monitoring_enabled_components" { + type = list(string) + description = "List of services to monitor: SYSTEM_COMPONENTS, WORKLOADS (provider version >= 3.89.0). Empty list is default GKE configuration." + default = [] +} + variable "create_service_account" { type = bool description = "Defines if service account specified to run nodes should be created." diff --git a/modules/beta-public-cluster/versions.tf b/modules/beta-public-cluster/versions.tf index cb10e074a8..3f0ad0de03 100644 --- a/modules/beta-public-cluster/versions.tf +++ b/modules/beta-public-cluster/versions.tf @@ -21,7 +21,7 @@ terraform { required_providers { google-beta = { source = "hashicorp/google-beta" - version = ">= 3.79.0, <4.0.0" + version = ">= 3.87.0, <4.0.0" } kubernetes = { source = "hashicorp/kubernetes"